THE social media fad of tweeting and instagramming pictures of boarding passes is leaving travellers at risk of identity theft and other cyber crime.

Full names, frequent flyer numbers and flight information give cyber thieves two-thirds of the data needed to hack into airline loyalty accounts and steal points or even identities.

Intel Security Solution Architect Andy Hurren said the information on boarding passes should be treated with the same respect as any other personal data.

High risk. What information are you revealing in a tweet or Instagram post? Picture: Getty ImagesSource:Getty Images

“You need to think about who you’re showing this information to when you post on social media,” Mr Hurren said.

“At the very least it alerts others to the fact you’re leaving the country, and often frequent flyer PIN numbers are very straightforward in order to be remembered.”

He said websites set up to decode barcodes such as those on boarding passes, would usually only access the same information as that on the seat allocation ticket.

“Barcodes are incredibly easy to decipher, there’s nothing complicated about that process,” said Mr Hurren.

Qantas and Virgin Australia both advise passengers against reproducing entire boarding passes on social media but reassured guests the barcode information was the same as that in print.

A Qantas spokesman said they knew customers were often excited to post pictures of boarding passes, especially when they were upgraded.

“But it makes sense to obscure your frequent flyer number, perhaps with a well-placed passport, just to protect as much of your personal information as possible,” he said.

Have phone, can travel. Tourists are warned to be wary when logging into free Wi-Fi access points. Picture: iStockSource:istock

Mr Hurren said of more risk to travellers was unsecured free public Wi-Fi services where information was sent over the internet without encryption.

A survey conducted by Intel Security of almost 14,000 travellers aged 21 to 54, found more than a third accessed Wi-Fi “wherever they could” and 32 per cent did not first check whether the connection was secure.

“There’s also the risk that whoever is providing the actual Wi-Fi access point, could be doing so deliberately to access your information — that’s what we call a fake access point,” Mr Hurren said.

“It’s trivial to create one of those, to set up your own hotspot and make it look like something credible — such as the name of a shop at an airport.

“As soon as a user connects, all their info goes straight to the operator — passwords, email accounts, everything.”